IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices

Gert Doering gert at space.net
Mon May 9 11:25:02 CEST 2011


On Mon, May 09, 2011 at 09:54:32AM +0100, Nick Hilliard wrote:
> SEND will never take off because it requires certificates.  I.e. it's too 
> complicated for my mother to install on her DSL link.

Not fully correct.  There's two things to SeND - one is securing the
"neighbour discovery" bits by use of CGAs and pub-key crypto, and that's 
mostly automatic.  The other one is "secure the router advertisement",
and *that* one needs certificates.

For the rogue-RA-no-certs-wanted problem, you need L2 gear that can
filter RAs from non-router-ports.

Gert Doering
        -- NetMaster
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list